Security Alert

March 19 – Phishing Alert

Tuesday, March 19, 2019, many UA students received a phishing email with the subject “The University of Alabama:  Immediate Availability Jobs, Employment.” This email did not originate from UA, it is an email scam.

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address.  

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Feb. 24 – Phishing Alert

Sunday, Feb. 24, 2019, many UA faculty and staff members received a phishing email with the subject “FW: 2019 Payroll Adjustment” This email did not originate from UA, it is an email scam.

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address.  

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Student Phishing Alert – Job Scams

Thursday, Jan. 31, 2019, many UA students received phishing emails that pose as job opportunities; however, the emails did not originate from UA nor reputable companies, these emails are scams.  

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address, and reputable companies will send emails from their domain name, not from Gmail or Yahoo email addresses.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Jan. 28, 2019 – Phishing Alert

Monday, Jan. 28, 2019, many UA employees received a phishing email from the email jcmezzetti@alaska.edu. The email appeared to be from the IT Help Desk; however, the email did not originate from UA or our office, it is an email scam.  

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Jan. 23, 2019 – Phishing Alert

Wednesday, Jan. 23, 2019, many UA employees received a phishing email from the email address tls071000@utdallas.edu. The email appeared to be a letter from President Bell; however, the email did not originate from UA, it is an email scam.  

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Jan. 8, 2019 – Phishing Alert

Tuesday, Jan. 8, 2019, many UA students, faculty and staff received a phishing email from a compromised crimson email account. The email posed as the IT Service Desk; however, the email did not originate from OIT, it is an email scam.  

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Gift Card Phishing Scams

Over the past few months, OIT has seen a major rise in phishing attempts where malicious actors attempt to exploit money from UA employees. The emails appear to come from a supervisor or another organization leader, and the emails are directed to an employee in that organization or group. This scam has been occurring at UA for several months, beginning with senior leadership.

The emails begin by the malicious actor engaging employees in an email-only conversation that attempts to convince the employee to purchase gift cards. If you look closely, the “From:” email address is not actually a ua.edu email address, but an alternative email address the actor set up outside of UA.  The email address may appear to come from a UA contact, but it is usually a Gmail, AOL or other external email address that includes the name of the supervisor or leader. Often, the emails have poor spelling and grammar. Additionally, the emails are usually brief and may only be a subject line. Below are a few examples of these emails.


Subject: Hi [NAME OF TARGET]

Good morning,

 Are you in the office? If not please i have an important errand i want you to run for me in the store right now? 

Thanks

Best Regards.

[NAME OF THE SUPERVISOR OR LEADERSHIP]

Executive Director


Subject: Hello Are you in compus


Subject: Hello

Are you available on campus 


Do not be fooled by these phishing emails. Remember to always look at the “From:” address to make sure it is an actual supervisor or leader’s ua.edu email address. If you do receive an email like this, please send a copy to security@ua.edu, and then delete the email. 

Dec. 19, 2018 Phishing Attempts

Wednesday, Dec. 19, 2018, many UA employees received phishing emails.

The emails were from gclaveria@wsd1.org and mnorris2@fortiscollege.edu. These emails are phishing attempts designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the emails. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Dec. 13, 2018 – Phishing Attempt

Thursday, Dec. 13, 2018, many UA employees received a phishing email with the subject title “IT Advisory: Account Upgrade”from the email address hdeguzman@wsd1.org.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Phishing Emails from Campus Execs

Many UA employees have received phishing emails with unusual messages that appear to be from the email accounts of UA executives or vice presidents; however, they are actually phishing emails from malicious actors. The emails attempt to engage the recipient into an email-only discussion, and some emails include requests to purchase gift cards.

If you have received an email like this, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu. Remember the red flags of phishing, and always check the “from” email address on suspicious messages. All official UA email should originate from a @ua.edu email address.

If you did receive this email and you have questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.